We use cookies to make your experience better. To comply with the new e-Privacy directive, we need to ask for your consent to set the cookies. Learn more.
Privacy Policy
PRINCIPLES OF PROCESSING PERSONAL DATA
Segway Powersports sro company
ID: 09783776
with registered office in Letkov, Staroplzenecká 290, ZIP code 326 00,
registered in the Commercial Register kept by the Regional Court in Pilsen, section C, file 40164,
telephone contact: +420 378 21 21 01
e-mail: info@segwaypowersports.cz
(hereinafter also referred to as the “administrator”)
hereby informs data subjects about the principles of personal data processing and some of the rights of data subjects that arise from the applicable legislation. We ask data subjects to read these principles of personal data processing carefully, as these principles set out the basis on which we will process personal data that we obtain from you as a data subject or that you provide to us. These principles represent a clear summary of the most important procedures that the controller applies to protect personal data. In case of any questions regarding the processing and protection of your personal data, please contact the controller at the contacts listed in the header.
Introductory provisions
The company Segway Powersports sro, company ID 09783776, with its registered office at: Letkov, Staroplzenecká 290, ZIP code 326 00, entered in the Commercial Register kept by the Regional Court in Pilsen, Section C, File 40164, is, within the meaning of Article 4(7) of Regulation (EU) 2016/679 of the European Parliament and of the Council (hereinafter referred to as the "GDPR"), the controller of personal data.
The personal data controller undertakes to protect and respect the right of data subjects to privacy, as the controller considers the protection of privacy and personal data to be its primary obligation. The personal data controller declares that it handles personal data exclusively in accordance with applicable legislation.
These principles represent a generally valid document that the controller undertakes to follow when protecting and processing personal data of natural persons as data subjects, which the controller obtained in connection with the negotiation of a contract and any subsequent conclusion of a contract or in connection with any free consent of the data subject to the processing of their personal data.
Personal data processing policies
In accordance with Article 5 of the GDPR, the controller is responsible for complying with the principle when processing personal data:
- lawfulness – the obligation to determine the legal title for each processing of personal data,
- correctness and transparency – the controller's obligation to ensure that the data subject is as informed as possible about his/her personal data, including, in particular, transparent communication with the data subject and openness towards the data subject regarding his/her personal data. The controller's obligation to use simple language to communicate with the data subject regarding his/her personal data and the obligation to provide clear, understandable and accurate information,
- purpose limitation – the controller's obligation to process personal data only for specific, clearly expressed and legitimate purposes,
- data minimization – the controller's obligation to process only the personal data it needs to fulfill the specified purpose of processing and only to the extent necessary,
- accuracy – the obligation to keep and process only current and accurate personal data and to delete or correct inaccurate data immediately,
- storage limitation – obligation to store personal data only for the period strictly necessary for the purposes of processing,
- integrity and confidentiality – the obligation to process personal data in such a way as to maintain their security and prevent their unlawful or unauthorized processing or their damage, destruction or loss, and is able to demonstrate compliance with these principles.
Rights of data subjects in relation to the protection of personal data
The data subject has the right to contact the controller at any time to obtain information about the processing of their personal data.
The data subject has the right to contact the controller at any time in order to exercise the rights listed below:
- the right to access personal data and the right to request confirmation from the controller as to whether or not personal data concerning him or her are being processed, and the right to request a copy of the processed personal data,
- the right to rectification if the data subject believes that the personal data held by the controller about him or her are inaccurate and the right to have incomplete personal data completed,
- the right to erasure ("right to be forgotten") of personal data without undue delay if they are no longer necessary for the purpose for which they were collected and processed, if the data subject has withdrawn consent to the processing and there is no other legal ground for the processing, or if the personal data have been processed unlawfully,
- the right to restriction of processing where the data subject disputes the accuracy of the personal data for a period of time necessary to enable the controller to verify the accuracy of the personal data, the processing is unlawful and the data subject refuses to erase such data, the controller no longer needs the personal data for the purposes of the processing, but the data subject requires them for the establishment, exercise or defence of legal claims (e.g. in connection with the exercise of a claim in court), or the data subject has objected to the processing and it is not clear whether the controller's legitimate interest overrides the data subject's legitimate interests,
- the right to data portability, where the data subject requests the controller to receive the personal data concerning him or her, which he or she has provided to the controller, in a structured, commonly used and machine-readable format,
- the right to object to the processing of personal data, including profiling, which the data subject processes on the grounds of legitimate interest. If the subject objects to the processing of personal data for direct marketing purposes, the personal data will no longer be processed for this purpose,
- the right to withdraw consent where the data subject has given consent to the processing of personal data for purposes that require consent. The data subject has the right to withdraw consent in the above case at any time. The Administrator points out that in the event of withdrawal of consent, the processing of personal data that occurred before the withdrawal of consent is lawful,
- the right to file a complaint with the supervisory authority, which is the Office for Personal Data Protection, with its registered office at Pplk. Sochora 27, 170 00 Prague 7, if the data subject believes that the personal data protection rules have been violated during the processing of personal data.
The controller shall provide the data subject with information on the measures taken upon request pursuant to Articles 15 to 22 of the GDPR, without undue delay and in any event within one month of receipt of the request. This period may be extended by two months where necessary and taking into account the complexity and number of requests. The controller shall inform the data subject of any such extension within one month of receipt of the request, together with the reasons for the extension. Where the data subject submits the request in electronic form, the information shall be provided in electronic form, where possible, unless the data subject requests otherwise.
Processing of personal data
The Administrator declares that it processes personal data of data subjects that are necessary to fulfill the purpose of the contract and protect the legitimate interests and claims of the Administrator.
The administrator points out that in addition to processing personal data based on the free consent of the data subject, he is entitled to process personal data without the consent of the data subject in cases specified by law (e.g. when fulfilling the obligations that the administrator derives from concluded contracts; to fulfill obligations imposed by special legal regulations; to ensure the protection of rights and legally protected interests; to fulfill a task carried out in the public interest; to the extent strictly necessary due to the legitimate interest of the administrator for the purposes of preventing fraud, for the purpose of protecting against damage to computer systems and electronic communications systems).
The administrator collects and processes data based on the free consent of the data subject, or to the extent strictly necessary, which the administrator obtained in connection with the negotiation of the contract and any subsequent conclusion of the contract or on the basis of another legal title.
The administrator processes personal data to the extent necessary for the purposes of the given contractual relationship or other legal title and further to the extent agreed with the data subject, primarily for the purposes of assessing customer satisfaction, improving services, sending product and service offers, and sending commercial communications and newsletters.
Personal data are collected, stored and used for the period strictly necessary, but at least for the duration of the contractual relationship or other legal title, for the period during which claims arising from the contract with the relevant public authority can be asserted, for the period strictly necessary to protect the rights and claims of the controller, or for the period during which the controller is required by law, or until the consent is withdrawn, if the data was provided based on the consent of the data subject and the controller is not obliged to process personal data by law. The data are processed mainly in connection with business transactions and for the purpose of customer care, informing about news, products and services, sending selected commercial communications and obtaining the opinions of the data subject, all to improve customer care, and also to fulfill the controller's legal or contractual obligations.
The Administrator does not disclose personal data to third parties except as specified in these principles. The Administrator is entitled to share personal data of data subjects with third parties for the purpose of informing about products and services, if the Administrator has the consent of the data subject, or if required or permitted by law. The Administrator is entitled to share personal data of the data subject with third parties in order to prevent a crime or reduce potential risks, if required by law, or where the Administrator deems it appropriate to protect its legitimate interests, rights or property or that of third parties.
The administrator collects, stores and processes personal data securely so that they remain confidential and are not accessible to any unauthorized third party. The administrator processes, stores and protects personal data in paper form at its headquarters in a locked room, which is accessible only to authorized employees of the administrator who are bound by confidentiality. Personal data in electronic form are processed, stored and protected by passwords and firewalls. If the processing of personal data is based on the consent of the data subject or the legitimate interests and purposes of the administrator, personal data may be processed by external collaborators and suppliers, in particular an external law firm, an external accounting firm or external IT support. Entities that cooperate with the administrator are carefully selected on the basis of guarantees that ensure the technical and organizational protection of the personal data transferred.
Personal data is archived according to legal deadlines. The controller has set strict internal rules that verify the lawfulness of the retention of personal data, ensuring that personal data is not retained by the controller for longer than is authorized. The controller is obliged to delete the relevant personal data after the loss of the legal reason for their retention.
Final provisions
These principles come into effect on January 5, 2021 and are issued for an indefinite period.
The Administrator is entitled to make changes to these policies at any time without the consent of the data subject. The current version of these policies is available for inspection during business hours at the Administrator's headquarters.